<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<title>BLP2.0: CI_Security Class Reference</title>

<link href="tabs.css" rel="stylesheet" type="text/css"/>
<link href="doxygen.css" rel="stylesheet" type="text/css" />

<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="search/search.js"></script>
<script type="text/javascript">
  $(document).ready(function() { searchBox.OnSelectItem(0); });
</script>

</head>
<body>
<div id="top"><!-- do not remove this div! -->


<div id="titlearea">
<table cellspacing="0" cellpadding="0">
 <tbody>
 <tr style="height: 56px;">
  
  
  <td style="padding-left: 0.5em;">
   <div id="projectname">BLP2.0
   
   </div>
   
  </td>
  
  
  
 </tr>
 </tbody>
</table>
</div>

<!-- Generated by Doxygen 1.8.0 -->

</div>
<div class="header">
  <div class="summary">
<a href="#pub-methods">Public Member Functions</a> &#124;
<a href="#pro-methods">Protected Member Functions</a> &#124;
<a href="#pro-attribs">Protected Attributes</a>  </div>
  <div class="headertitle">
<div class="title">CI_Security Class Reference</div>  </div>
</div><!--header-->
<div class="contents">
<table class="memberdecls">
<tr><td colspan="2"><h2><a name="pub-methods"></a>
Public Member Functions</h2></td></tr>
<tr class="memitem:a095c5d389db211932136b53f25f39685"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a095c5d389db211932136b53f25f39685">__construct</a> ()</td></tr>
<tr class="memitem:a03c037268db0c2e6221b65a736eaee07"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a03c037268db0c2e6221b65a736eaee07">csrf_verify</a> ()</td></tr>
<tr class="memitem:a55b1380b93b71ab3d9873bb967c2b9bb"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a55b1380b93b71ab3d9873bb967c2b9bb">csrf_set_cookie</a> ()</td></tr>
<tr class="memitem:a3d09c1dc706abfaad987661805c28a06"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a3d09c1dc706abfaad987661805c28a06">csrf_show_error</a> ()</td></tr>
<tr class="memitem:a1644fd8967db3a1b94988d730ca34991"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a1644fd8967db3a1b94988d730ca34991">get_csrf_hash</a> ()</td></tr>
<tr class="memitem:a00640f51b90b7d946e9d3a4f0c9f628e"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a00640f51b90b7d946e9d3a4f0c9f628e">get_csrf_token_name</a> ()</td></tr>
<tr class="memitem:acb759426dbab128d3d8164805225381c"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#acb759426dbab128d3d8164805225381c">xss_clean</a> ($str, $is_image=FALSE)</td></tr>
<tr class="memitem:ae2f831d3f277e1c03730b28fd1734186"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#ae2f831d3f277e1c03730b28fd1734186">xss_hash</a> ()</td></tr>
<tr class="memitem:a07306fa600cc7b6de1aa512ba6462975"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a07306fa600cc7b6de1aa512ba6462975">entity_decode</a> ($str, $charset='UTF-8')</td></tr>
<tr class="memitem:aaba16489285496bdc03fd12f699a08f6"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#aaba16489285496bdc03fd12f699a08f6">sanitize_filename</a> ($str, $relative_path=FALSE)</td></tr>
<tr><td colspan="2"><h2><a name="pro-methods"></a>
Protected Member Functions</h2></td></tr>
<tr class="memitem:adfb0e251ae35ae40303a302d253c3ab2"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#adfb0e251ae35ae40303a302d253c3ab2">_compact_exploded_words</a> ($matches)</td></tr>
<tr class="memitem:a37c160ddffea957e9eb03dbfd3471a78"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a37c160ddffea957e9eb03dbfd3471a78">_remove_evil_attributes</a> ($str, $is_image)</td></tr>
<tr class="memitem:af67689597607833df370031fb799c92b"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#af67689597607833df370031fb799c92b">_sanitize_naughty_html</a> ($matches)</td></tr>
<tr class="memitem:a6b1744acaf85e05c65ab17242dea4f06"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a6b1744acaf85e05c65ab17242dea4f06">_js_link_removal</a> ($match)</td></tr>
<tr class="memitem:a5c5e91dc8e3df0174e4e074dd375a8db"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a5c5e91dc8e3df0174e4e074dd375a8db">_js_img_removal</a> ($match)</td></tr>
<tr class="memitem:ae16451bcdc769285c499cbf8068b3523"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#ae16451bcdc769285c499cbf8068b3523">_convert_attribute</a> ($match)</td></tr>
<tr class="memitem:aa385a9c7527f5eece656b9cac73979d3"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#aa385a9c7527f5eece656b9cac73979d3">_filter_attributes</a> ($str)</td></tr>
<tr class="memitem:a5289832cb3ae9cee3c12e82ede958874"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a5289832cb3ae9cee3c12e82ede958874">_decode_entity</a> ($match)</td></tr>
<tr class="memitem:a31b2c9ae75f39b9b38fe05c494bb0f79"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a31b2c9ae75f39b9b38fe05c494bb0f79">_validate_entities</a> ($str)</td></tr>
<tr class="memitem:a61217e43f888cdf8afb1fba16b5cd9f6"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a61217e43f888cdf8afb1fba16b5cd9f6">_do_never_allowed</a> ($str)</td></tr>
<tr class="memitem:a7064dd5501c1dfab05ba6ac8838beb01"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a7064dd5501c1dfab05ba6ac8838beb01">_csrf_set_hash</a> ()</td></tr>
<tr><td colspan="2"><h2><a name="pro-attribs"></a>
Protected Attributes</h2></td></tr>
<tr class="memitem:aca426a0e87199bfa36c7401a1d06a419"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#aca426a0e87199bfa36c7401a1d06a419">$_xss_hash</a> = ''</td></tr>
<tr class="memitem:a8bf24cc529f04164ac20d892ce20d721"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a8bf24cc529f04164ac20d892ce20d721">$_csrf_hash</a> = ''</td></tr>
<tr class="memitem:af86a83f20de2a3c522bf690d4080c08e"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#af86a83f20de2a3c522bf690d4080c08e">$_csrf_expire</a> = 7200</td></tr>
<tr class="memitem:a6752ebca4be235c079785a87a693d932"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a6752ebca4be235c079785a87a693d932">$_csrf_token_name</a> = 'ci_csrf_token'</td></tr>
<tr class="memitem:a52043f2c9ffb0e14eade8e67a0172a82"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#a52043f2c9ffb0e14eade8e67a0172a82">$_csrf_cookie_name</a> = 'ci_csrf_token'</td></tr>
<tr class="memitem:ab883fab930a1c4a926eaa501ab211823"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#ab883fab930a1c4a926eaa501ab211823">$_never_allowed_str</a></td></tr>
<tr class="memitem:ac502ee17d09eb8bbd70a6fb1f9515503"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="class_c_i___security.html#ac502ee17d09eb8bbd70a6fb1f9515503">$_never_allowed_regex</a></td></tr>
</table>
<hr/><h2>Constructor &amp; Destructor Documentation</h2>
<a class="anchor" id="a095c5d389db211932136b53f25f39685"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a095c5d389db211932136b53f25f39685">__construct</a> </td>
          <td>(</td>
          <td class="paramname"></td><td>)</td>
          <td></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Constructor </p>

</div>
</div>
<hr/><h2>Member Function Documentation</h2>
<a class="anchor" id="adfb0e251ae35ae40303a302d253c3ab2"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#adfb0e251ae35ae40303a302d253c3ab2">_compact_exploded_words</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>matches</em></td><td>)</td>
          <td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Compact Exploded Words</p>
<p>Callback function for <a class="el" href="class_c_i___security.html#acb759426dbab128d3d8164805225381c">xss_clean()</a> to remove whitespace from things like j a v a s c r i p t</p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">type</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>type </dd></dl>

</div>
</div>
<a class="anchor" id="ae16451bcdc769285c499cbf8068b3523"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#ae16451bcdc769285c499cbf8068b3523">_convert_attribute</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>match</em></td><td>)</td>
          <td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Attribute Conversion</p>
<p>Used as a callback for XSS Clean</p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">array</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="a7064dd5501c1dfab05ba6ac8838beb01"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a7064dd5501c1dfab05ba6ac8838beb01">_csrf_set_hash</a> </td>
          <td>(</td>
          <td class="paramname"></td><td>)</td>
          <td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Set Cross Site Request Forgery Protection Hash</p>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="a5289832cb3ae9cee3c12e82ede958874"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a5289832cb3ae9cee3c12e82ede958874">_decode_entity</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>match</em></td><td>)</td>
          <td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>HTML Entity Decode Callback</p>
<p>Used as a callback for XSS Clean</p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">array</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="a61217e43f888cdf8afb1fba16b5cd9f6"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a61217e43f888cdf8afb1fba16b5cd9f6">_do_never_allowed</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>str</em></td><td>)</td>
          <td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Do Never Allowed</p>
<p>A utility function for <a class="el" href="class_c_i___security.html#acb759426dbab128d3d8164805225381c">xss_clean()</a></p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">string</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="aa385a9c7527f5eece656b9cac73979d3"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#aa385a9c7527f5eece656b9cac73979d3">_filter_attributes</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>str</em></td><td>)</td>
          <td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Filter Attributes</p>
<p>Filters tag attributes for consistency and safety</p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">string</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="a5c5e91dc8e3df0174e4e074dd375a8db"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a5c5e91dc8e3df0174e4e074dd375a8db">_js_img_removal</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>match</em></td><td>)</td>
          <td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>JS Image Removal</p>
<p>Callback function for <a class="el" href="class_c_i___security.html#acb759426dbab128d3d8164805225381c">xss_clean()</a> to sanitize image tags. This limits the PCRE backtracks, making it more performance friendly, and prevents PREG_BACKTRACK_LIMIT_ERROR from being triggered in PHP 5.2+ on image-tag-heavy strings.</p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">array</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="a6b1744acaf85e05c65ab17242dea4f06"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a6b1744acaf85e05c65ab17242dea4f06">_js_link_removal</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>match</em></td><td>)</td>
          <td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>JS Link Removal</p>
<p>Callback function for <a class="el" href="class_c_i___security.html#acb759426dbab128d3d8164805225381c">xss_clean()</a> to sanitize links. This limits the PCRE backtracks, making it more performance friendly, and prevents PREG_BACKTRACK_LIMIT_ERROR from being triggered in PHP 5.2+ on link-heavy strings.</p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">array</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="a37c160ddffea957e9eb03dbfd3471a78"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a37c160ddffea957e9eb03dbfd3471a78">_remove_evil_attributes</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>str</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>is_image</em>&#160;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">

</div>
</div>
<a class="anchor" id="af67689597607833df370031fb799c92b"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#af67689597607833df370031fb799c92b">_sanitize_naughty_html</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>matches</em></td><td>)</td>
          <td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Sanitize Naughty HTML</p>
<p>Callback function for <a class="el" href="class_c_i___security.html#acb759426dbab128d3d8164805225381c">xss_clean()</a> to remove naughty HTML elements</p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">array</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="a31b2c9ae75f39b9b38fe05c494bb0f79"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a31b2c9ae75f39b9b38fe05c494bb0f79">_validate_entities</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>str</em></td><td>)</td>
          <td><code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Validate URL entities</p>
<p>Called by <a class="el" href="class_c_i___security.html#acb759426dbab128d3d8164805225381c">xss_clean()</a></p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">string</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="a55b1380b93b71ab3d9873bb967c2b9bb"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a55b1380b93b71ab3d9873bb967c2b9bb">csrf_set_cookie</a> </td>
          <td>(</td>
          <td class="paramname"></td><td>)</td>
          <td></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Set Cross Site Request Forgery Protection Cookie</p>
<dl class="section return"><dt>Returns:</dt><dd>object </dd></dl>

</div>
</div>
<a class="anchor" id="a3d09c1dc706abfaad987661805c28a06"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a3d09c1dc706abfaad987661805c28a06">csrf_show_error</a> </td>
          <td>(</td>
          <td class="paramname"></td><td>)</td>
          <td></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Show CSRF <a class="el" href="class_error.html">Error</a></p>
<dl class="section return"><dt>Returns:</dt><dd>void </dd></dl>

</div>
</div>
<a class="anchor" id="a03c037268db0c2e6221b65a736eaee07"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a03c037268db0c2e6221b65a736eaee07">csrf_verify</a> </td>
          <td>(</td>
          <td class="paramname"></td><td>)</td>
          <td></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Verify Cross Site Request Forgery Protection</p>
<dl class="section return"><dt>Returns:</dt><dd>object </dd></dl>

</div>
</div>
<a class="anchor" id="a07306fa600cc7b6de1aa512ba6462975"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a07306fa600cc7b6de1aa512ba6462975">entity_decode</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>str</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>charset</em> = <code>'UTF-8'</code>&#160;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>HTML Entities Decode</p>
<p>This function is a replacement for html_entity_decode()</p>
<p>The reason we are not using html_entity_decode() by itself is that, while it is not technically correct to leave out the semicolon at the end of an entity, most browsers will still interpret the entity correctly. html_entity_decode() does not convert entities without semicolons, so we are left with our own little solution here. Bummer.</p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">string</td><td></td></tr>
    <tr><td class="paramname">string</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="a1644fd8967db3a1b94988d730ca34991"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a1644fd8967db3a1b94988d730ca34991">get_csrf_hash</a> </td>
          <td>(</td>
          <td class="paramname"></td><td>)</td>
          <td></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Get CSRF Hash</p>
<p>Getter Method</p>
<dl class="section return"><dt>Returns:</dt><dd>string self::_csrf_hash </dd></dl>

</div>
</div>
<a class="anchor" id="a00640f51b90b7d946e9d3a4f0c9f628e"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#a00640f51b90b7d946e9d3a4f0c9f628e">get_csrf_token_name</a> </td>
          <td>(</td>
          <td class="paramname"></td><td>)</td>
          <td></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Get CSRF Token Name</p>
<p>Getter Method</p>
<dl class="section return"><dt>Returns:</dt><dd>string self::_csrf_token_name </dd></dl>

</div>
</div>
<a class="anchor" id="aaba16489285496bdc03fd12f699a08f6"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#aaba16489285496bdc03fd12f699a08f6">sanitize_filename</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>str</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>relative_path</em> = <code>FALSE</code>&#160;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Filename Security</p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">string</td><td></td></tr>
    <tr><td class="paramname">bool</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="acb759426dbab128d3d8164805225381c"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#acb759426dbab128d3d8164805225381c">xss_clean</a> </td>
          <td>(</td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>str</em>, </td>
        </tr>
        <tr>
          <td class="paramkey"></td>
          <td></td>
          <td class="paramtype">$&#160;</td>
          <td class="paramname"><em>is_image</em> = <code>FALSE</code>&#160;</td>
        </tr>
        <tr>
          <td></td>
          <td>)</td>
          <td></td><td></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>XSS Clean</p>
<p>Sanitizes data so that Cross Site Scripting Hacks can be prevented. This function does a fair amount of work but it is extremely thorough, designed to prevent even the most obscure XSS attempts. Nothing is ever 100% foolproof, of course, but I haven't been able to get anything past the filter.</p>
<p>Note: This function should only be used to deal with data upon submission. It's not something that should be used for general runtime processing. It works by pattern replacement (see $_never_allowed_str and $_never_allowed_regex), so it does not take the place of escaping output for the context in which it is rendered.</p>
<p>This function was based in part on some code and ideas I got from Bitflux: <a href="http://channel.bitflux.ch/wiki/XSS_Prevention">http://channel.bitflux.ch/wiki/XSS_Prevention</a></p>
<p>To help develop this script I used this great list of vulnerabilities along with a few other hacks I've harvested from examining vulnerabilities in other programs: <a href="http://ha.ckers.org/xss.html">http://ha.ckers.org/xss.html</a></p>
<dl class="params"><dt><b>Parameters:</b></dt><dd>
  <table class="params">
    <tr><td class="paramname">mixed</td><td>string or array </td></tr>
    <tr><td class="paramname">bool</td><td></td></tr>
  </table>
  </dd>
</dl>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<a class="anchor" id="ae2f831d3f277e1c03730b28fd1734186"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="class_c_i___security.html#ae2f831d3f277e1c03730b28fd1734186">xss_hash</a> </td>
          <td>(</td>
          <td class="paramname"></td><td>)</td>
          <td></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<p>Random Hash for protecting URLs</p>
<dl class="section return"><dt>Returns:</dt><dd>string </dd></dl>

</div>
</div>
<hr/><h2>Field Documentation</h2>
<a class="anchor" id="a52043f2c9ffb0e14eade8e67a0172a82"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">$_csrf_cookie_name = 'ci_csrf_token'<code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">

</div>
</div>
<a class="anchor" id="af86a83f20de2a3c522bf690d4080c08e"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">$_csrf_expire = 7200<code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">

</div>
</div>
<a class="anchor" id="a8bf24cc529f04164ac20d892ce20d721"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">$_csrf_hash = ''<code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">

</div>
</div>
<a class="anchor" id="a6752ebca4be235c079785a87a693d932"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">$_csrf_token_name = 'ci_csrf_token'<code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">

</div>
</div>
<a class="anchor" id="ac502ee17d09eb8bbd70a6fb1f9515503"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">$_never_allowed_regex<code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<b>Initial value:</b><div class="fragment"><pre class="fragment"> array(
                                        // Denylist of regular-expression patterns (the array keys); every key maps
                                        // to the literal replacement text [removed].
                                        // NOTE(review): the code that applies this table is not shown on this page;
                                        // confirm there which matching flags (for example case-insensitivity) are used.
                                        // Input that matches none of these four patterns is not altered by this
                                        // table, so context-appropriate output encoding is still needed on render.
                                        // \s* also matches when whitespace sits between the scheme name and the colon.
                                        <span class="stringliteral">&quot;javascript\s*:&quot;</span>                        =&gt; <span class="stringliteral">&#39;[removed]&#39;</span>,
                                        // Opening parenthesis after the keyword, written literally or as a numeric
                                        // character reference.
                                        <span class="stringliteral">&quot;expression\s*(\(|&amp;\#40;)&quot;</span>      =&gt; <span class="stringliteral">&#39;[removed]&#39;</span>, 
                                        <span class="stringliteral">&quot;vbscript\s*:&quot;</span>                          =&gt; <span class="stringliteral">&#39;[removed]&#39;</span>, 
                                        // \s+ requires at least one whitespace character between the two words.
                                        <span class="stringliteral">&quot;Redirect\s+302&quot;</span>                        =&gt; <span class="stringliteral">&#39;[removed]&#39;</span>
        )
</pre></div>
</div>
</div>
<a class="anchor" id="ab883fab930a1c4a926eaa501ab211823"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">$_never_allowed_str<code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">
<b>Initial value:</b><div class="fragment"><pre class="fragment"> array(
                                        // Denylist of literal strings (the array keys) with their replacement text.
                                        // NOTE(review): how the table is applied is not shown on this page; literal
                                        // matching may be case-sensitive, so confirm against the filter code.
                                        // Only the strings listed here are rewritten by this table; it is not a
                                        // substitute for encoding output for the context in which it is rendered.
                                        // Script- and style-related names: each maps to the text [removed].
                                        <span class="stringliteral">&#39;document.cookie&#39;</span>       =&gt; <span class="stringliteral">&#39;[removed]&#39;</span>,
                                        <span class="stringliteral">&#39;document.write&#39;</span>        =&gt; <span class="stringliteral">&#39;[removed]&#39;</span>,
                                        <span class="stringliteral">&#39;.parentNode&#39;</span>           =&gt; <span class="stringliteral">&#39;[removed]&#39;</span>,
                                        <span class="stringliteral">&#39;.innerHTML&#39;</span>            =&gt; <span class="stringliteral">&#39;[removed]&#39;</span>,
                                        <span class="stringliteral">&#39;window.location&#39;</span>       =&gt; <span class="stringliteral">&#39;[removed]&#39;</span>,
                                        <span class="stringliteral">&#39;-moz-binding&#39;</span>          =&gt; <span class="stringliteral">&#39;[removed]&#39;</span>,
                                        // Markup openers and closers: kept as text, with the angle brackets
                                        // replaced by character entities instead of being removed.
                                        <span class="stringliteral">&#39;&lt;!--&#39;</span>                          =&gt; <span class="stringliteral">&#39;&amp;lt;!--&#39;</span>,
                                        <span class="stringliteral">&#39;--&gt;&#39;</span>                           =&gt; <span class="stringliteral">&#39;--&amp;gt;&#39;</span>,
                                        <span class="stringliteral">&#39;&lt;![CDATA[&#39;</span>                     =&gt; <span class="stringliteral">&#39;&amp;lt;![CDATA[&#39;</span>,
                                        <span class="stringliteral">&#39;&lt;comment&gt;&#39;</span>                     =&gt; <span class="stringliteral">&#39;&amp;lt;comment&amp;gt;&#39;</span>
        )
</pre></div>
</div>
</div>
<a class="anchor" id="aca426a0e87199bfa36c7401a1d06a419"></a>
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">$_xss_hash = ''<code> [protected]</code></td>
        </tr>
      </table>
</div>
<div class="memdoc">

</div>
</div>
<hr/>The documentation for this class was generated from the following file:<ul>
<li>/Applications/MAMP/htdocs/Workspace/blp2.0/system/core/<a class="el" href="_security_8php.html">Security.php</a></li>
</ul>
</div><!-- contents -->



</body>
</html>
